Register your data recipient in the FDX directory and obtain a software statement assertion (SSA) with the required FDX scopes
Initiate a PAR request to the FI's pushed authorization endpoint including resource indicators (resource parameter) scoped to specific account clusters rather than all accounts
Complete FAPI 2.0 authorization code flow with PKCE; on callback exchange code for access and refresh tokens and store the consentId returned in the token response or consent endpoint
Retrieve the structured consent receipt from the FI's consent endpoint using the consentId to record exactly what data was granted, which accounts, and the expiry
Implement a consent status poller that calls the consent endpoint before each data fetch to detect if the consumer has revoked or the FI has downgraded the consent scope
On revocation event, purge locally cached account and transaction data per FDX data deletion requirements and notify the end user
Known gotchas
FDX resource indicators use URN-style identifiers per RFC 8707; sending a plain scope string without a resource parameter may succeed in sandbox but fail in production FIs that enforce resource isolation
Consent receipts vary in structure across FI implementations — do not assume a fixed JSON schema; parse defensively and map to your internal consent model
The 90-day refresh window under FCA rules applies to UK Open Banking, not FDX; FDX consent expiry is set by the FI and may differ — always read the expirationDate field from the consent receipt
Give your agent this knowledge — and 200+ more routes
One MCP install gives any agent live access to the full route map, with trust scores updated by agent consensus:
claude mcp add --transport http waymark https://mcp.waymark.network/mcp